2021-04-16 19:50:02 +00:00
---
layout: docs
2021-04-28 22:13:29 +00:00
page_title: 'Configuration Entry Kind: Mesh'
2021-04-16 19:50:02 +00:00
description: >-
2021-04-28 22:13:29 +00:00
The mesh config entry kind allows for globally defining default
2021-04-16 19:50:02 +00:00
configuration across all services mesh proxies.
Settings in this config entry apply across all namespaces and federated datacenters.
2021-04-28 22:13:29 +00:00
Currently, only one mesh entry is supported.
2021-04-16 19:50:02 +00:00
---
2021-06-22 22:04:50 +00:00
# Mesh
2021-04-16 19:50:02 +00:00
2021-12-21 00:30:39 +00:00
-> **v1.10.0+:** This configuration entry is supported in Consul versions 1.10.0+.
2021-04-16 19:50:02 +00:00
2021-12-21 00:30:39 +00:00
The `mesh` configuration entry allows you to define a global default configuration that applies to all service mesh proxies.
2021-04-16 19:50:02 +00:00
Settings in this config entry apply across all namespaces and federated datacenters.
2021-12-21 00:30:39 +00:00
## Sample Configuration Entries
2021-04-16 19:50:02 +00:00
2021-06-22 23:56:53 +00:00
### Mesh Destinations Only
Only allow transparent proxies to dial addresses in the mesh.
2021-04-16 19:50:02 +00:00
<Tabs>
2021-06-13 00:53:50 +00:00
<Tab heading="Consul OSS">
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
2021-04-16 19:50:02 +00:00
```hcl
2021-06-22 23:56:53 +00:00
Kind = "mesh"
2021-04-16 19:50:02 +00:00
TransparentProxy {
2021-06-14 20:15:09 +00:00
MeshDestinationsOnly = true
2021-04-16 19:50:02 +00:00
}
```
2021-06-13 00:53:50 +00:00
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: Mesh
metadata:
name: mesh
spec:
transparentProxy:
meshDestinationsOnly: true
```
```json
{
"Kind": "mesh",
"TransparentProxy": {
"MeshDestinationsOnly": true
}
}
```
</CodeTabs>
2021-04-16 19:50:02 +00:00
</Tab>
2021-06-13 00:53:50 +00:00
<Tab heading="Consul Enterprise">
2021-04-16 19:50:02 +00:00
2021-12-21 00:30:39 +00:00
The `mesh` configuration entry can only be created in the `default` namespace and will apply to proxies across **all** namespaces.
2021-04-16 19:50:02 +00:00
2021-06-13 00:53:50 +00:00
<CodeTabs tabs={[ "HCL", "Kubernetes YAML", "JSON" ]}>
2021-04-16 19:50:02 +00:00
```hcl
2021-04-28 22:13:29 +00:00
Kind = "mesh"
2021-04-16 19:50:02 +00:00
Namespace = "default" # Can only be set to "default".
2021-12-21 00:30:39 +00:00
Partition = "default"
2021-04-28 22:13:29 +00:00
2021-04-16 19:50:02 +00:00
TransparentProxy {
2021-06-14 20:15:09 +00:00
MeshDestinationsOnly = true
2021-04-16 19:50:02 +00:00
}
```
2021-06-22 23:56:53 +00:00
```yaml
apiVersion: consul.hashicorp.com/v1alpha1
kind: Mesh
metadata:
name: mesh
2021-12-21 00:30:39 +00:00
namespace: default
2021-06-22 23:56:53 +00:00
spec:
transparentProxy:
meshDestinationsOnly: true
```
2021-04-16 19:50:02 +00:00
2021-06-13 00:53:50 +00:00
```json
{
"Kind": "mesh",
"Namespace": "default",
2021-12-21 00:30:39 +00:00
"Partition": "default",
2021-06-13 00:53:50 +00:00
"TransparentProxy": {
"MeshDestinationsOnly": true
}
}
2021-06-22 23:56:53 +00:00
```
2021-04-16 19:50:02 +00:00
2021-06-13 00:53:50 +00:00
</CodeTabs>
2021-06-22 23:56:53 +00:00
</Tab>
</Tabs>
2021-04-16 19:50:02 +00:00
2022-01-07 22:20:43 +00:00
Note that the Kuberetes example does not include a `partition` field. Configuration entries are applied on Kubernetes using [custom resource definitions (CRD)](/docs/k8s/crds), which can only be scoped to their own partition.
2022-01-03 22:40:03 +00:00
2021-06-22 23:56:53 +00:00
## Available Fields
2021-04-16 19:50:02 +00:00
2021-06-22 23:56:53 +00:00
<ConfigEntryReference
keys={[
{
name: 'apiVersion',
description: 'Must be set to `consul.hashicorp.com/v1alpha1`',
hcl: false,
},
{
name: 'Kind',
description: {
hcl: 'Must be set to `mesh`',
yaml: 'Must be set to `Mesh`',
},
},
{
name: 'Namespace',
type: `string: "default"`,
enterprise: true,
description:
2021-12-21 00:30:39 +00:00
'Must be set to `default`. The configuration will apply to all namespaces.',
yaml: false,
},
{
name: 'Partition',
type: `string: "default"`,
enterprise: true,
description:
'Specifies the name of the admin partition in which the configuration entry applies. Refer to the [Admin Partitions documentation](/docs/enterprise/admin-partitions) for additional information.',
2021-06-22 23:56:53 +00:00
yaml: false,
},
{
name: 'Meta',
type: 'map<string|string>: nil',
description:
'Specifies arbitrary KV metadata pairs. Added in Consul 1.8.4.',
yaml: false,
},
{
name: 'metadata',
children: [
{
name: 'name',
description: 'Must be set to `mesh`',
},
{
name: 'namespace',
2021-12-21 00:30:39 +00:00
enterprise: true,
description:
2022-01-03 22:40:03 +00:00
'Must be set to `default`. If running Consul Open Source, the namespace is ignored (see [Kubernetes Namespaces in Consul OSS](/docs/k8s/crds#consul-oss)). If running Consul Enterprise see [Kubernetes Namespaces in Consul Enterprise](/docs/k8s/crds#consul-enterprise) for additional information.',
2021-06-22 23:56:53 +00:00
},
],
hcl: false,
},
{
name: 'TransparentProxy',
type: 'TransparentProxyConfig: <optional>',
description:
'Controls configuration specific to proxies in `transparent` [mode](/docs/connect/config-entries/service-defaults#mode). Added in v1.10.0.',
children: [
{
name: 'MeshDestinationsOnly',
type: 'bool: false',
description: `Determines whether sidecar proxies operating in transparent mode can
proxy traffic to IP addresses not registered in Consul's mesh. If enabled, traffic will only be proxied
to upstream proxies or Connect-native services. If disabled, requests will be proxied as-is to the
original destination IP address. Consul will not encrypt the connection.`,
},
],
},
]}
/>
2021-04-16 19:50:02 +00:00
## ACLs
Configuration entries may be protected by [ACLs](/docs/security/acl).
2021-04-28 22:13:29 +00:00
Reading a `mesh` config entry requires no specific privileges.
2021-04-16 19:50:02 +00:00
2021-04-28 22:13:29 +00:00
Creating, updating, or deleting a `mesh` config entry requires
2021-04-16 19:50:02 +00:00
`operator:write`.